1 /*
2 * Copyright (C) 2019 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 // Framework-side code runs in this namespace. Libs from /vendor partition can't
18 // be loaded in this namespace.
19
20 #include "linkerconfig/common.h"
21 #include "linkerconfig/environment.h"
22 #include "linkerconfig/namespace.h"
23 #include "linkerconfig/namespacebuilder.h"
24
25 using android::linkerconfig::modules::Namespace;
26
27 namespace android {
28 namespace linkerconfig {
29 namespace contents {
30
SetupSystemPermittedPaths(Namespace * ns)31 void SetupSystemPermittedPaths(Namespace* ns) {
32 std::string product = Var("PRODUCT");
33 std::string system_ext = Var("SYSTEM_EXT");
34
35 // We can't have entire /system/${LIB} as permitted paths because doing so
36 // makes it possible to load libs in /system/${LIB}/vndk* directories by
37 // their absolute paths, e.g. dlopen("/system/lib/vndk/libbase.so"). VNDK
38 // libs are built with previous versions of Android and thus must not be
39 // loaded into this namespace where libs built with the current version of
40 // Android are loaded. Mixing the two types of libs in the same namespace
41 // can cause unexpected problems.
42 const std::vector<std::string> permitted_paths = {
43 "/system/${LIB}/drm",
44 "/system/${LIB}/extractors",
45 "/system/${LIB}/hw",
46 system_ext + "/${LIB}",
47
48 // These are where odex files are located. libart has to be able to dlopen
49 // the files
50 "/system/framework",
51
52 "/system/app",
53 "/system/priv-app",
54 system_ext + "/framework",
55 system_ext + "/app",
56 system_ext + "/priv-app",
57 "/vendor/framework",
58 "/vendor/app",
59 "/vendor/priv-app",
60 "/system/vendor/framework",
61 "/system/vendor/app",
62 "/system/vendor/priv-app",
63 "/odm/framework",
64 "/odm/app",
65 "/odm/priv-app",
66 "/oem/app",
67 product + "/framework",
68 product + "/app",
69 product + "/priv-app",
70 "/data",
71 "/mnt/expand",
72 "/apex/com.android.runtime/${LIB}/bionic",
73 "/system/${LIB}/bootstrap",
74 };
75
76 for (const std::string& path : permitted_paths) {
77 ns->AddPermittedPath(path);
78 }
79 if (!android::linkerconfig::modules::IsTreblelizedDevice()) {
80 // System processes can use product libs only if device is not treblelized.
81 ns->AddPermittedPath(product + "/${LIB}");
82 }
83 }
84
BuildSystemDefaultNamespace(const Context & ctx)85 Namespace BuildSystemDefaultNamespace([[maybe_unused]] const Context& ctx) {
86 bool is_fully_treblelized =
87 android::linkerconfig::modules::IsTreblelizedDevice();
88 std::string product = Var("PRODUCT");
89 std::string system_ext = Var("SYSTEM_EXT");
90
91 // Visible to allow links to be created at runtime, e.g. through
92 // android_link_namespaces in libnativeloader.
93 Namespace ns("default",
94 /*is_isolated=*/is_fully_treblelized,
95 /*is_visible=*/true);
96
97 ns.AddSearchPath("/system/${LIB}");
98 ns.AddSearchPath(system_ext + "/${LIB}");
99 if (!is_fully_treblelized) {
100 // System processes can search product libs only if product VNDK is not
101 // enforced.
102 ns.AddSearchPath(product + "/${LIB}");
103 ns.AddSearchPath("/vendor/${LIB}");
104 ns.AddSearchPath("/odm/${LIB}");
105 }
106
107 if (is_fully_treblelized) {
108 SetupSystemPermittedPaths(&ns);
109 }
110
111 ns.AddRequires(ctx.GetSystemRequireLibs());
112 ns.AddProvides(ctx.GetSystemProvideLibs());
113 return ns;
114 }
115
116 } // namespace contents
117 } // namespace linkerconfig
118 } // namespace android
119